
Monday 23 February 2015

Understanding Oracle Identity Federation

Basics of OIF:

What exactly is OIF?

- Basically, it enables different entities to share their services using a global identity maintained by one of the organisations.

So what exactly does it mean?

Take an example to understand the usage of OIF:
- Let's say a company ABC wants to use the services of a Health Care Company, so that ABC company employees can access the Health Care Portal.
For this, the health care company would need the ABC company employee database, so that when ABC company employees want to use the Health Care Services they can be authenticated and authorized to do so.
But ABC can't share the database. So in this scenario, how can the Health Care Portal become part of ABC company?

The answer is Federation.

Thus ABC Company, which uses OAM SSO for its employees, decides to enable the Federation feature, and a similar OAM setup needs to be done on the Health Care side.
In this case ABC company acts as the Identity Provider (IdP), while the Health Care company acts as the Service Provider (SP).

What are these 2 things? IdP & SP

Oracle Identity Federation supports two integration modes with Oracle Access Manager: authentication mode and SP mode.
  • Authentication Mode (IdP): In the authentication mode, Oracle Identity Federation delegates authentication of the user to Oracle Access Manager. The user is redirected to an Oracle Identity Federation resource protected by WebGate, which triggers the Oracle Access Manager authentication flow. Once the user is identified, the user accesses the resource, and WebGate provides Oracle Identity Federation with an HTTP header containing the user's identity.
  • SP Mode: In the SP mode, Oracle Access Manager delegates user authentication to Oracle Identity Federation, which uses the Federation Oracle Single Sign-On protocol with a remote Identity Provider. Once the Federation Oracle Single Sign-On flow is performed, Oracle Identity Federation creates a local session and then propagates the authentication state to Oracle Access Manager, which maintains the session information.
 

Use Case:
1) The user accesses the ABC company portal and clicks the health care portal link. The user is redirected to the health care portal, where he is asked to enter his credentials.
 The user submits his credentials, which are actually stored in the ABC company database. The health care site therefore sends the credentials submitted by the user to ABC company in the form of a SAMLv2.0 token.
 ABC company also replies in SAMLv2.0, and the health care portal reads the token returned by ABC. Based on the reply (whether the user is valid and authorized or not), the health care portal makes its decision and lets the user access the health care services accordingly.
  
So in this way they get federated seamlessly.
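
The step where the health care portal reads the token returned by ABC and decides, sketched as an added example (not code from this post or from Oracle). The entity IDs, request ID and sample response are constructed, and it assumes the XML signature on the response has already been verified against the IdP's certificate.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed, trimmed sample response (no signature, hypothetical entity IDs).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1"><saml:Issuer>https://idp.abc.example</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-02-23T10:00:00Z" NotOnOrAfter="2015-02-23T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.healthcare.example</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC, e.g. 2015-02-23T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, expected_issuer, sp_entity_id, request_id, now):
    """Return (name_id, None) when the SP may accept the user, else (None, reason)."""
    # Assumption: signature verification happened before this function is called.
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != request_id:
        return None, "response does not answer our request"
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        return None, "IdP did not report success"
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return None, "expected exactly one assertion"
    a = assertions[0]
    if a.findtext("a:Issuer", default="", namespaces=NS).strip() != expected_issuer:
        return None, "unexpected issuer"
    cond = a.find("a:Conditions", NS)
    # Example policy (stricter than the schema): both time bounds must be present.
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not nb or not na or not (_ts(nb) <= now < _ts(na)):
        return None, "assertion outside validity window"
    audiences = [e.text.strip() for e in cond.findall("a:AudienceRestriction/a:Audience", NS) if e.text]
    if sp_entity_id not in audiences:
        return None, "assertion not addressed to this SP"
    name_id = a.findtext("a:Subject/a:NameID", default="", namespaces=NS).strip()
    return (name_id, None) if name_id else (None, "missing subject")
```

Each rejected case corresponds to a way a token issued for another partner, another request or another time could otherwise be accepted by the SP.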


Enjoy :-)

Sunday 22 February 2015

Enabling DCC for OAM 11g & OIF

Enabling DCC for OAM & OIF:


This post is divided into the following sections:

1) Understanding OIF
2) Installing OAM 11g, OHS, Webgate 11g
3) Integrating OIF & OAM 11g
4) DCC for OAM & OIF



Enjoy :-)

Friday 28 November 2014

Basics of OID, OVD & OIF


What is OID?
  • Oracle Internet Directory is an LDAP directory that uses an Oracle Database for storage. 
  • Clients communicate with a directory server by means of the Lightweight Directory Access Protocol (LDAP).

How is data stored in OID?
  • It is stored in a hierarchical format, i.e. a DIT (Directory Information Tree).

What can you store in OID?

  • You can store passwords, connection information, etc.

What is Oracle Integration Platform?

  • It enables you to sync data to and fro between databases, for example from OID to a Finance database.

What is the benefit of using OVD (Oracle Virtual Directory)?

  • OVD acts as an interface that has adapters to connect to multiple data sources. It basically provides an LDAP service through which you connect to different databases and directories.
  • This gives organizations the advantage of using a single interface that, in the background, talks to multiple directories or databases.


What is OIF (Oracle Identity Federation)?

  • Oracle Identity Federation enables companies to share identity information with their partner organizations, i.e. the end user does not need to log in again to the partner site once he/she is logged in to his/her company account.
  • With this feature, enterprises can federate seamlessly with partner organizations without compromising on security checks.


Hope it solves some of your doubts......

Enjoy :-)